Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

[Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
NeedHelp6969

[Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby NeedHelp6969 » Sun Feb 18, 2018 1:38 pm

I am using backported openvpn on Debian 9 with network-manager-gnome and network-manager-openvpn-gnome.

I used the netherlands udp config file from you guys, and it connects successfully with my token (something else to note, please: you say to hash the token, but i never hashed my token i purchased and the vpn works with the unhashed token).

However, after a random amount of time, it will disconnect. Right now, I am downloading a big 300 MB file with cryptostorm (it is obviously slow because i am on tor right now, cryptostorm -> tor), and the vpn has not disconnected for a long time.

Sometimes openvpn will disconnect randomly saying timeout.

It either disconnects within like 3 minutes, or within 30 minutes.

I do not understand why. Since it never disconnects with my big file downloading, does it disconnect me only when my internet is inactive? Please help. Thanks, guys.



Topic Author
NeedHelp6969

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby NeedHelp6969 » Sun Feb 18, 2018 11:41 pm

parityboy wrote:@OP

Do the logs say something like "inactivity timeout"? Could you post some log output here?


I ran CryptoStorm from the terminal, and here is the log with all the errors. I forcefully exited the terminal after the last two lines as nothing else was really happening:

Code: Select all

Sun Feb 18 11:23:01 2018 us=570278 Current Parameter Settings:
Sun Feb 18 11:23:01 2018 us=570340   config = '-snip-/cstorm_linux-netherlands_udp.ovpn'
Sun Feb 18 11:23:01 2018 us=570365   mode = 0
Sun Feb 18 11:23:01 2018 us=570384 NOTE: --mute triggered...
Sun Feb 18 11:23:01 2018 us=570423 349 variation(s) on previous 3 message(s) suppressed by --mute
Sun Feb 18 11:23:01 2018 us=570441 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 30 2017
Sun Feb 18 11:23:01 2018 us=570464 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Enter Auth Username: -snip-
Enter Auth Password: *
Sun Feb 18 11:23:19 2018 us=266482 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Feb 18 11:23:19 2018 us=267415 LZO compression initializing
Sun Feb 18 11:23:19 2018 us=267641 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Feb 18 11:23:20 2018 us=165310 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Sun Feb 18 11:23:20 2018 us=165434 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Sun Feb 18 11:23:20 2018 us=165464 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Sun Feb 18 11:23:20 2018 us=165526 TCP/UDP: Preserving recently used remote address: [AF_INET]213.163.64.209:443
Sun Feb 18 11:23:20 2018 us=165570 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Feb 18 11:23:20 2018 us=165598 UDP link local: (not bound)
Sun Feb 18 11:23:20 2018 us=165626 UDP link remote: [AF_INET]213.163.64.209:443
Sun Feb 18 11:23:26 2018 us=605923 TLS: Initial packet from [AF_INET]213.163.64.209:443, sid=5105caaa dc96a177
Sun Feb 18 11:23:37 2018 us=45103 TLS Error: TLS key negotiation failed to occur within 17 seconds (check your network connectivity)
Sun Feb 18 11:23:37 2018 us=45211 TLS Error: TLS handshake failed
Sun Feb 18 11:23:37 2018 us=45654 TCP/UDP: Closing socket
Sun Feb 18 11:23:37 2018 us=45716 SIGUSR1[soft,tls-error] received, process restarting
Sun Feb 18 11:23:37 2018 us=45772 Restart pause, 5 second(s)
Sun Feb 18 11:23:42 2018 us=45887 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Feb 18 11:23:42 2018 us=46540 LZO compression initializing
Sun Feb 18 11:23:42 2018 us=46692 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Feb 18 11:23:42 2018 us=46751 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Sun Feb 18 11:23:42 2018 us=46815 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Sun Feb 18 11:23:42 2018 us=46843 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Sun Feb 18 11:23:42 2018 us=46882 TCP/UDP: Preserving recently used remote address: [AF_INET]185.107.80.85:443
Sun Feb 18 11:23:42 2018 us=46938 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Feb 18 11:23:42 2018 us=46965 UDP link local: (not bound)
Sun Feb 18 11:23:42 2018 us=46993 UDP link remote: [AF_INET]185.107.80.85:443
Sun Feb 18 11:23:44 2018 us=289280 TLS: Initial packet from [AF_INET]185.107.80.85:443, sid=077fd6f1 64a3fb6c
Sun Feb 18 11:23:44 2018 us=289947 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Feb 18 11:23:47 2018 us=361193 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
Sun Feb 18 11:23:47 2018 us=362161 VERIFY OK: nsCertType=SERVER
Sun Feb 18 11:23:47 2018 us=362202 VERIFY OK: depth=0, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=server, emailAddress=certadmin@cryptostorm.is
Sun Feb 18 11:23:48 2018 us=15342 NOTE: --mute triggered...
Sun Feb 18 11:23:48 2018 us=15479 1 variation(s) on previous 3 message(s) suppressed by --mute
Sun Feb 18 11:23:48 2018 us=15511 [server] Peer Connection Initiated with [AF_INET]185.107.80.85:443
Sun Feb 18 11:23:49 2018 us=128845 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Feb 18 11:23:49 2018 us=305359 PUSH: Received control message: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,dhcp-option DNS 185.107.80.84,route-gateway 10.33.0.1,topology subnet,ping 20,ping-restart 60,ifconfig 10.33.96.164 255.255.0.0'
Sun Feb 18 11:23:49 2018 us=305667 OPTIONS IMPORT: timers and/or timeouts modified
Sun Feb 18 11:23:49 2018 us=305711 NOTE: --mute triggered...
Sun Feb 18 11:23:49 2018 us=305771 5 variation(s) on previous 3 message(s) suppressed by --mute
Sun Feb 18 11:23:49 2018 us=305808 Data Channel MTU parms [ L:1602 D:1400 EF:102 EB:406 ET:0 EL:3 ]
Sun Feb 18 11:23:49 2018 us=306117 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 18 11:23:49 2018 us=306178 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 18 11:23:49 2018 us=306222 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 18 11:23:49 2018 us=306274 NOTE: --mute triggered...
Sun Feb 18 11:23:49 2018 us=306610 1 variation(s) on previous 3 message(s) suppressed by --mute
Sun Feb 18 11:23:49 2018 us=306650 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlo1 HWADDR=ba:99:34:98:41:67
Sun Feb 18 11:23:49 2018 us=307207 TUN/TAP device tun0 opened
Sun Feb 18 11:23:49 2018 us=307270 TUN/TAP TX queue length set to 100
Sun Feb 18 11:23:49 2018 us=307309 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Feb 18 11:23:49 2018 us=307353 /sbin/ip link set dev tun0 up mtu 1500
Sun Feb 18 11:23:49 2018 us=310223 /sbin/ip addr add dev tun0 10.33.96.164/16 broadcast 10.33.255.255
Sun Feb 18 11:23:49 2018 us=312681 /sbin/ip route add 185.107.80.85/32 via 192.168.1.254
Sun Feb 18 11:23:49 2018 us=314937 /sbin/ip route add 0.0.0.0/1 via 10.33.0.1
Sun Feb 18 11:23:49 2018 us=318133 /sbin/ip route add 128.0.0.0/1 via 10.33.0.1
Sun Feb 18 11:23:49 2018 us=319856 Initialization Sequence Completed
Sun Feb 18 11:25:13 2018 us=486000 [server] Inactivity timeout (--ping-restart), restarting
Sun Feb 18 11:25:13 2018 us=486500 TCP/UDP: Closing socket
Sun Feb 18 11:25:13 2018 us=486597 SIGUSR1[soft,ping-restart] received, process restarting
Sun Feb 18 11:25:13 2018 us=486674 Restart pause, 5 second(s)
Sun Feb 18 11:25:18 2018 us=486898 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Feb 18 11:25:18 2018 us=487024 Re-using SSL/TLS context
Sun Feb 18 11:25:18 2018 us=487083 LZO compression initializing
Sun Feb 18 11:25:18 2018 us=487276 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Feb 18 11:25:18 2018 us=487352 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Sun Feb 18 11:25:18 2018 us=487452 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Sun Feb 18 11:25:18 2018 us=487486 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Sun Feb 18 11:25:18 2018 us=487534 TCP/UDP: Preserving recently used remote address: [AF_INET]185.107.80.85:443
Sun Feb 18 11:25:18 2018 us=487602 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Feb 18 11:25:18 2018 us=487634 UDP link local: (not bound)
Sun Feb 18 11:25:18 2018 us=487668 UDP link remote: [AF_INET]185.107.80.85:443
Sun Feb 18 11:25:25 2018 us=401621 TLS: Initial packet from [AF_INET]185.107.80.85:443, sid=78cac7ce 72059b16
Sun Feb 18 11:25:25 2018 us=756012 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
Sun Feb 18 11:25:25 2018 us=756754 VERIFY OK: nsCertType=SERVER
Sun Feb 18 11:25:25 2018 us=756812 NOTE: --mute triggered...
Sun Feb 18 11:25:26 2018 us=397565 2 variation(s) on previous 3 message(s) suppressed by --mute
Sun Feb 18 11:25:26 2018 us=397934 [server] Peer Connection Initiated with [AF_INET]185.107.80.85:443
Sun Feb 18 11:25:27 2018 us=579348 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Feb 18 11:25:27 2018 us=748505 PUSH: Received control message: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,dhcp-option DNS 185.107.80.84,route-gateway 10.33.0.1,topology subnet,ping 20,ping-restart 60,ifconfig 10.33.70.149 255.255.0.0'
Sun Feb 18 11:25:27 2018 us=748742 OPTIONS IMPORT: timers and/or timeouts modified
Sun Feb 18 11:25:27 2018 us=748778 NOTE: --mute triggered...
Sun Feb 18 11:25:27 2018 us=748829 5 variation(s) on previous 3 message(s) suppressed by --mute
Sun Feb 18 11:25:27 2018 us=748859 Data Channel MTU parms [ L:1602 D:1400 EF:102 EB:406 ET:0 EL:3 ]
Sun Feb 18 11:25:27 2018 us=749102 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 18 11:25:27 2018 us=749152 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 18 11:25:27 2018 us=749189 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 18 11:25:27 2018 us=749231 NOTE: --mute triggered...
Sun Feb 18 11:25:27 2018 us=749267 1 variation(s) on previous 3 message(s) suppressed by --mute
Sun Feb 18 11:25:27 2018 us=749296 Preserving previous TUN/TAP instance: tun0
Sun Feb 18 11:25:27 2018 us=749351 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Sun Feb 18 11:25:27 2018 us=749421 /sbin/ip route del 185.107.80.85/32
Sun Feb 18 11:25:27 2018 us=751932 /sbin/ip route del 0.0.0.0/1
Sun Feb 18 11:25:27 2018 us=755908 /sbin/ip route del 128.0.0.0/1
Sun Feb 18 11:25:27 2018 us=758365 Closing TUN/TAP interface
Sun Feb 18 11:25:27 2018 us=758456 /sbin/ip addr del dev tun0 10.33.96.164/16
Sun Feb 18 11:25:28 2018 us=794288 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlo1 HWADDR=ba:99:34:98:41:67
Sun Feb 18 11:25:28 2018 us=794914 TUN/TAP device tun0 opened
Sun Feb 18 11:25:28 2018 us=794970 TUN/TAP TX queue length set to 100
Sun Feb 18 11:25:28 2018 us=795025 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Feb 18 11:25:28 2018 us=795086 /sbin/ip link set dev tun0 up mtu 1500
Sun Feb 18 11:25:28 2018 us=797780 /sbin/ip addr add dev tun0 10.33.70.149/16 broadcast 10.33.255.255
Sun Feb 18 11:25:28 2018 us=800655 /sbin/ip route add 185.107.80.85/32 via 192.168.1.254
Sun Feb 18 11:25:28 2018 us=803100 /sbin/ip route add 0.0.0.0/1 via 10.33.0.1
Sun Feb 18 11:25:28 2018 us=805862 /sbin/ip route add 128.0.0.0/1 via 10.33.0.1
Sun Feb 18 11:25:28 2018 us=807684 Initialization Sequence Completed
Sun Feb 18 11:26:28 2018 us=313582 [server] Inactivity timeout (--ping-restart), restarting
Sun Feb 18 11:26:28 2018 us=313923 TCP/UDP: Closing socket
Sun Feb 18 11:26:28 2018 us=313987 SIGUSR1[soft,ping-restart] received, process restarting
Sun Feb 18 11:26:28 2018 us=314033 Restart pause, 5 second(s)
Sun Feb 18 11:26:33 2018 us=314151 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Feb 18 11:26:33 2018 us=314245 Re-using SSL/TLS context
Sun Feb 18 11:26:33 2018 us=314290 LZO compression initializing
Sun Feb 18 11:26:33 2018 us=314446 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Feb 18 11:26:33 2018 us=314496 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Sun Feb 18 11:26:33 2018 us=314586 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Sun Feb 18 11:26:33 2018 us=314619 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Sun Feb 18 11:26:33 2018 us=314670 TCP/UDP: Preserving recently used remote address: [AF_INET]185.107.80.85:443
Sun Feb 18 11:26:33 2018 us=314738 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Feb 18 11:26:33 2018 us=314771 UDP link local: (not bound)
Sun Feb 18 11:26:33 2018 us=314805 UDP link remote: [AF_INET]185.107.80.85:443
Sun Feb 18 11:26:34 2018 us=402100 TLS: Initial packet from [AF_INET]185.107.80.85:443, sid=78623a3d 47e22029
Sun Feb 18 11:26:34 2018 us=585373 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
Sun Feb 18 11:26:34 2018 us=586097 VERIFY OK: nsCertType=SERVER
Sun Feb 18 11:26:34 2018 us=586133 NOTE: --mute triggered...
Sun Feb 18 11:26:50 2018 us=899630 1 variation(s) on previous 3 message(s) suppressed by --mute
Sun Feb 18 11:26:50 2018 us=899742 TLS Error: TLS key negotiation failed to occur within 17 seconds (check your network connectivity)
Sun Feb 18 11:26:50 2018 us=899848 TLS Error: TLS handshake failed
Sun Feb 18 11:26:50 2018 us=900178 TCP/UDP: Closing socket
Sun Feb 18 11:26:50 2018 us=900257 SIGUSR1[soft,tls-error] received, process restarting
Sun Feb 18 11:26:50 2018 us=900319 Restart pause, 5 second(s)
Sun Feb 18 11:26:55 2018 us=900495 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Feb 18 11:26:55 2018 us=900619 Re-using SSL/TLS context
Sun Feb 18 11:26:55 2018 us=900668 LZO compression initializing
Sun Feb 18 11:26:55 2018 us=900861 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Feb 18 11:28:15 2018 us=984294 RESOLVE: Cannot resolve host address: linux-netherlands.cryptostorm.nu:443 (Temporary failure in name resolution)
Sun Feb 18 11:28:15 2018 us=984394 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Sun Feb 18 11:28:15 2018 us=984484 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Sun Feb 18 11:28:15 2018 us=984518 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Sun Feb 18 11:29:36 2018 us=49946 RESOLVE: Cannot resolve host address: linux-netherlands.cryptostorm.nu:443 (Temporary failure in name resolution)
Sun Feb 18 11:31:01 2018 us=106132 RESOLVE: Cannot resolve host address: linux-netherlands.cryptostorm.nu:443 (Temporary failure in name resolution)


 ! Message from: parityboy
Formatted for clarity.

User avatar

parityboy
Site Admin
Posts: 1203
Joined: Wed Feb 05, 2014 3:47 am

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby parityboy » Mon Feb 19, 2018 5:22 pm

@OP

Caught it.

Sun Feb 18 11:23:49 2018 us=319856 Initialization Sequence Completed
Sun Feb 18 11:25:13 2018 us=486000 [server] Inactivity timeout (--ping-restart), restarting
Sun Feb 18 11:25:13 2018 us=486500 TCP/UDP: Closing socket
Sun Feb 18 11:25:13 2018 us=486597 SIGUSR1[soft,ping-restart] received, process restarting


There's a issue with the session counter for your token. Can you check your token here? I'm willing to bet it will say something about maximum sessions reached. If so, email your token to support@cryptostorm.is and ask them to reset it for you. :)


Topic Author
NeedHelp6969

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby NeedHelp6969 » Tue Feb 20, 2018 8:12 am

parityboy wrote:-snip-


Sounds good. I emailed them. Also, I have THREE questions:

1. Why does my token work unhashed in OpenVPN? You guys said pretty strictly on your website that you need to SHA512 your token to use it, but I never did that with my token, and it worked unhashed as the username.

2. I already purchased a one-week token before my second token (the one I am talking about in this thread), and it had the same problem. When I checked my first one-week token, it had the same "maximum sessions" issue. Is CryptoStorm's entire token system broken?

3. Your website mentions warrant canaries on CryptoStorm.is. Where is the warrant canary located?

User avatar

parityboy
Site Admin
Posts: 1203
Joined: Wed Feb 05, 2014 3:47 am

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby parityboy » Tue Feb 20, 2018 7:28 pm

@OP

1. I might have this wrong but this is what I remember. There was a time when an un-hashed token was rejected for security/correlation reasons. After a review, it was determined that accepting un-hashed tokens was much less of a security risk than it first appeared to be.

The server-side authentication script checks the submitted token to determine if it has been hashed or not and if not, it will hash it and then check it against the database for validity. The database only contains hashed tokens.

2. There have been some issues in the past with session tracking - with certain concessions given to mobile connections (which can be quite unstable). This led to weird instances where the session counter was not accurately decremented.

However, these issues were fixed a quite a while back and connections have been incredibly stable since, as in staying up for more than 15 days straight - that's my personal experience (between reboots) running 2 CS connections from a virtualized pfSense instance.

3. The Warrant Canary page is here.


Topic Author
NeedHelp6969

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby NeedHelp6969 » Wed Feb 21, 2018 10:30 am

parityboy wrote:@OP

1. I might have this wrong but this is what I remember. There was a time when an un-hashed token was rejected for security/correlation reasons. After a review, it was determined that accepting un-hashed tokens was much less of a security risk than it first appeared to be.

The server-side authentication script checks the submitted token to determine if it has been hashed or not and if not, it will hash it and then check it against the database for validity. The database only contains hashed tokens.

2. There have been some issues in the past with session tracking - with certain concessions given to mobile connections (which can be quite unstable). This led to weird instances where the session counter was not accurately decremented.

However, these issues were fixed a quite a while back and connections have been incredibly stable since, as in staying up for more than 15 days straight - that's my personal experience (between reboots) running 2 CS connections from a virtualized pfSense instance.

3. The Warrant Canary page is here.


Thanks for the answers.

I also thought up two more questions while browsing your forums and website, if you don’t mind:

1. Is your main server (the server that stores the tokens and all that stuff and potentially logs; nobody will ever know for sure if a VPN actually keeps logs or not, so I don’t care) actually located in Iceland? Is somebody Icelandic that you know who runs your server?

2. I researched Douglas Spink for about half an hour after hearing about this man and how he created Cryptostorm (correct me if I am wrong), and had a good laugh about his beatiality farms and cocaine smuggling and pig fucking and all that funny stuff. But in all seriousness, people are complaining around the internet about how this VPN could be a honeypot as he heavily cooperated with the authorities (he could have just rattled out his drug affiliates and pig farm buddies or some shit like that). Obviously you could be an FBI agent or NSA dude or whatever they are nowadays (that would be a hilarious plot twist), or this could be a honeypot (any VPN could), so asking if you are a honeypot/agent is a useless question. But what I wanted to ask was: Is Douglas Spink still on your team? What is the deal with this cocaine-smuggling pig fucker and CryptoStorm?

Thanks.


Topic Author
NeedHelp6969

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby NeedHelp6969 » Wed Feb 21, 2018 10:49 am

parityboy wrote:-snip-


UPDATE: I got a response from the CryptoStorm dudes. They seemed a little bit passive-aggressive (I may have seemed that way too, but I am supposed to be the frustrated customer here). I told them what you told me to say, and they said there was no problem. This is my email, and their reply:

My Email:
All the info you need about my issue is here: viewtopic.php?f=32&t=9536

My token: <redacted>

The admin dude told me to tell you to reset my token, as your token system is bugged or some shit.

I already purchased a one-week token before this one-month token, and turns out I had the same maximum sessions problem, so I think your token system must be bugged. Also, I can login to your OpenVPN with my token unhashed, which I am not sure is right or not (since you guys say to hash my token with SHA512).

I'd also like my days to be reset as well, as your VPN was unusable with this bug.


Their Response:
I've tested your token, there's nothing wrong with it:

That 31 day token is VALID and will expire in 29 days.
That token currently has 0 session(s) open.

The max sessions assumption isn't valid in your case. If you test your token @ cryptostorm.nu, it is clearly indicated when your token has reached max sessions.

The bug we had in the past has been clearly identified and solved.

Also providing a token directly as username is functional, it is up to the user if he/she wants to do it or not.

So I would suggest you get into troubleshooting mode by raising the log level on your side to monitor the 'OpenVPN pings' which can cause:

Inactivity timeout (--ping-restart), restarting

Best regards,

Cryptostorm support

-------------------------------------------------------------------

So, yeah... I am clueless on what to do now

 ! Message from: parityboy
Redacted token for security reasons. Adjusted formatting of emails.

User avatar

parityboy
Site Admin
Posts: 1203
Joined: Wed Feb 05, 2014 3:47 am

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby parityboy » Wed Feb 21, 2018 7:01 pm

@OP

Many thanks for the replies. Just out of interest, what device are you using? Desktop PC or laptop? Wired or wireless?

As to your additional questions:

1. I don't know where the server is located. You'd have to ask df.

2. As far as I am aware, Spink is not affiliated with Cryptostorm but again you would have to ask staff, since they would know more than I. :)

User avatar

Fermi
Site Admin
Posts: 225
Joined: Tue Jun 17, 2014 11:42 am

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby Fermi » Wed Feb 21, 2018 8:24 pm

@NeedHelp6969

Try to raise log level to verb 7 and look for 'RECEIVED PING PACKET'
to find the cause of:
Sun Feb 18 11:25:13 2018 us=486000 [server] Inactivity timeout (--ping-restart), restarting


/Fermi

User avatar

df
Site Admin
Posts: 311
Joined: Thu Jan 01, 1970 5:00 am

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby df » Wed Feb 21, 2018 8:58 pm

@NeedHelp6969
Regarding Spink, he is no longer associated with CS and hasn't been since early 2015.
Contrary to what some online sources say, he is not the founder of CS, just a co-founder along with me and one other person who is also no longer involved with the project.

We decided to start CS regardless of his colorful past because he was technically competent, and we didn't really care about his past. Everything he's ever done on any of the servers was closely monitored by me, not so much because of trust issues, but more so I could back trace any issues he might have inadvertently caused when executing commands.
Throughout all his time with CS, I never saw any evidence that suggested he was trying to enable any sort of logging, or installing anything that might enable monitoring against customers.

The reason he was finally let go was because of his constant legal troubles that continued well after he started working on CS. The legal issues were personal, and unrelated to his work at CS, but irregardless they would always bring negative publicity towards the service. They still do today, even though he's no longer involved with the project.


Topic Author
NeedHelp6969

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby NeedHelp6969 » Thu Feb 22, 2018 6:07 am

Fermi wrote:-snip-


parityboy wrote:-snip-


df wrote:-snip-


I raised the verbosity log level to 7 with "verb 7," and this is the new log with my errors:

Code: Select all

Wed Feb 21 17:32:39 2018 us=892443 Current Parameter Settings:
Wed Feb 21 17:32:39 2018 us=892555   config = '-snip-/cstorm_linux-netherlands_udp.ovpn'
Wed Feb 21 17:32:39 2018 us=892606   mode = 0
Wed Feb 21 17:32:39 2018 us=892649 NOTE: --mute triggered...
Wed Feb 21 17:32:39 2018 us=892710 349 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:32:39 2018 us=892753 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 30 2017
Wed Feb 21 17:32:39 2018 us=892859 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Enter Auth Username: -snip-
Enter Auth Password: *
Wed Feb 21 17:33:32 2018 us=278384 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Feb 21 17:33:32 2018 us=279354 PRNG init md=SHA1 size=36
Wed Feb 21 17:33:32 2018 us=279421 LZO compression initializing
Wed Feb 21 17:33:32 2018 us=279516 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:33:32 2018 us=279630 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:33:32 2018 us=279686 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:33:32 2018 us=279781 NOTE: --mute triggered...
Wed Feb 21 17:33:32 2018 us=279826 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:33:32 2018 us=279860 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Feb 21 17:33:32 2018 us=279922 MTU DYNAMIC mtu=1400, flags=2, 1622 -> 1400
Wed Feb 21 17:33:32 2018 us=280062 GETADDRINFO flags=0x0901 ai_family=0 ai_socktype=2
Wed Feb 21 17:33:57 2018 us=418487 RESOLVE_REMOTE flags=0x0901 phase=1 rrs=0 sig=-1 status=0
Wed Feb 21 17:33:57 2018 us=418576 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Wed Feb 21 17:33:57 2018 us=418659 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:33:57 2018 us=418698 calc_options_string_link_mtu: link-mtu 1622 -> 1602
Wed Feb 21 17:33:57 2018 us=418758 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:33:57 2018 us=418794 NOTE: --mute triggered...
Wed Feb 21 17:33:57 2018 us=418842 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:33:57 2018 us=418879 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Wed Feb 21 17:33:57 2018 us=418917 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Wed Feb 21 17:33:57 2018 us=418971 TCP/UDP: Preserving recently used remote address: [AF_INET]185.107.80.85:443
Wed Feb 21 17:33:57 2018 us=419028 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Feb 21 17:33:57 2018 us=419072 UDP link local: (not bound)
Wed Feb 21 17:33:57 2018 us=419112 UDP link remote: [AF_INET]185.107.80.85:443
Wed Feb 21 17:33:57 2018 us=419236 UDP WRITE [14] to [AF_INET]185.107.80.85:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 21 17:33:57 2018 us=593166 UDP READ [26] from [AF_INET]185.107.80.85:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Wed Feb 21 17:33:57 2018 us=593262 TLS: Initial packet from [AF_INET]185.107.80.85:443, sid=68a9b54c a590ad57
Wed Feb 21 17:33:57 2018 us=593404 UDP WRITE [22] to [AF_INET]185.107.80.85:443: P_ACK_V1 kid=0 [ 0 ]
Wed Feb 21 17:33:57 2018 us=593899 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Feb 21 17:33:57 2018 us=593990 UDP WRITE [109] to [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=95
Wed Feb 21 17:33:57 2018 us=767681 UDP READ [1200] from [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ 1 ] pid=1 DATA len=1174
Wed Feb 21 17:33:57 2018 us=768019 UDP WRITE [22] to [AF_INET]185.107.80.85:443: P_ACK_V1 kid=0 [ 1 ]
Wed Feb 21 17:33:57 2018 us=768493 NOTE: --mute triggered...
Wed Feb 21 17:33:57 2018 us=771117 3 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:33:57 2018 us=771162 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
Wed Feb 21 17:33:57 2018 us=771833 VERIFY OK: nsCertType=SERVER
Wed Feb 21 17:33:57 2018 us=771863 VERIFY OK: depth=0, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=server, emailAddress=certadmin@cryptostorm.is
Wed Feb 21 17:33:57 2018 us=771994 UDP WRITE [22] to [AF_INET]185.107.80.85:443: P_ACK_V1 kid=0 [ 3 ]
Wed Feb 21 17:33:57 2018 us=772460 UDP READ [47] from [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=33
Wed Feb 21 17:33:57 2018 us=798171 UDP WRITE [368] to [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ 4 ] pid=2 DATA len=342
Wed Feb 21 17:33:57 2018 us=971990 NOTE: --mute triggered...
Wed Feb 21 17:34:11 2018 us=908652 10 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:34:11 2018 us=908757 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Feb 21 17:34:11 2018 us=908872 [server] Peer Connection Initiated with [AF_INET]185.107.80.85:443
Wed Feb 21 17:34:13 2018 us=8289 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Feb 21 17:34:13 2018 us=8464 UDP WRITE [83] to [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=69
Wed Feb 21 17:34:15 2018 us=208432 UDP WRITE [83] to [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=69
Wed Feb 21 17:34:15 2018 us=213919 UDP READ [22] from [AF_INET]185.107.80.85:443: P_ACK_V1 kid=0 [ 4 ]
Wed Feb 21 17:34:15 2018 us=214091 NOTE: --mute triggered...
Wed Feb 21 17:34:15 2018 us=214220 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:34:15 2018 us=214265 PUSH: Received control message: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,dhcp-option DNS 185.107.80.84,route-gateway 10.33.0.1,topology subnet,ping 20,ping-restart 60,ifconfig 10.33.66.197 255.255.0.0'
Wed Feb 21 17:34:15 2018 us=214484 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb 21 17:34:15 2018 us=214523 OPTIONS IMPORT: --persist options modified
Wed Feb 21 17:34:15 2018 us=214557 NOTE: --mute triggered...
Wed Feb 21 17:34:15 2018 us=214610 4 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:34:15 2018 us=214646 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:34:15 2018 us=214682 MTU DYNAMIC mtu=1400, flags=2, 1602 -> 1400
Wed Feb 21 17:34:15 2018 us=214720 Data Channel MTU parms [ L:1602 D:1400 EF:102 EB:406 ET:0 EL:3 ]
Wed Feb 21 17:34:15 2018 us=214785 Client pre_master: af8a0454 7837a294 ac1cf81f baca0203 bdc84cf2 3db2affc a37b00d7 f0add86c d52af53d 4bd6a31d ffc48cc8 be57c525
Wed Feb 21 17:34:15 2018 us=214839 Client random1: 7c369187 e17bdbf1 a0c46b88 b00bd4ad bbd91a6e 8cd55a08 b93eec7c 743e7c0a
Wed Feb 21 17:34:15 2018 us=214892 Client random2: 5afc0c7b a07720a1 b020ee43 7010824d 9eac36a3 90049dc2 3573fcad 51566b67
Wed Feb 21 17:34:15 2018 us=214925 NOTE: --mute triggered...
Wed Feb 21 17:34:15 2018 us=215230 25 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:34:15 2018 us=215270 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Feb 21 17:34:15 2018 us=215322 Outgoing Data Channel: CIPHER KEY: a2658f1f 26cfb339 54bcf3e9 acf64102 a6a25abf 95b22f53 da402cc9 b13451cd
Wed Feb 21 17:34:15 2018 us=215362 Outgoing Data Channel: CIPHER block_size=16 iv_size=16
Wed Feb 21 17:34:15 2018 us=215423 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 21 17:34:15 2018 us=215496 Outgoing Data Channel: HMAC KEY: c62e8a06 53480372 20f4cb97 856705a1 25d417a9 a3bdb53f 47d7b1b1 8f71c67c 426b96c4 b6761250 4faa3964 ebb80819 bc80def9 665e8636 26cb5448 e8b72fee
Wed Feb 21 17:34:15 2018 us=215532 Outgoing Data Channel: HMAC size=64 block_size=64
Wed Feb 21 17:34:15 2018 us=215572 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Feb 21 17:34:15 2018 us=215626 Incoming Data Channel: CIPHER KEY: 81ce3d6d a1c26ee5 3d484ed7 6700388e bc6ffada 08199dad 85d0887f 44b56ee3
Wed Feb 21 17:34:15 2018 us=215665 Incoming Data Channel: CIPHER block_size=16 iv_size=16
Wed Feb 21 17:34:15 2018 us=215717 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 21 17:34:15 2018 us=215789 Incoming Data Channel: HMAC KEY: 9cf3f960 bc382d3b a456c638 6abf1dfe 0bd080a8 6bbdc050 115b5bd4 f1cf506f 14d7be24 58774907 1463c7ac 448dbdfa 2e470ab8 a46222e4 9859c562 a46fdaef
Wed Feb 21 17:34:15 2018 us=215826 Incoming Data Channel: HMAC size=64 block_size=64
Wed Feb 21 17:34:15 2018 us=216160 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlo1 HWADDR=ee:5f:80:89:24:c7
Wed Feb 21 17:34:15 2018 us=224850 TUN/TAP device tun0 opened
Wed Feb 21 17:34:15 2018 us=224956 TUN/TAP TX queue length set to 100
Wed Feb 21 17:34:15 2018 us=225013 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Feb 21 17:34:15 2018 us=225065 /sbin/ip link set dev tun0 up mtu 1500
Wed Feb 21 17:34:15 2018 us=229428 /sbin/ip addr add dev tun0 10.33.66.197/16 broadcast 10.33.255.255
Wed Feb 21 17:34:15 2018 us=231303 /sbin/ip route add 185.107.80.85/32 via 192.168.1.254
Wed Feb 21 17:34:15 2018 us=232851 /sbin/ip route add 0.0.0.0/1 via 10.33.0.1
Wed Feb 21 17:34:15 2018 us=235098 /sbin/ip route add 128.0.0.0/1 via 10.33.0.1
Wed Feb 21 17:34:15 2018 us=242308 Initialization Sequence Completed
Wed Feb 21 17:34:15 2018 us=242404 UDP WRITE [22] to [AF_INET]185.107.80.85:443: P_ACK_V1 kid=0 [ 7 ]
Wed Feb 21 17:34:35 2018 us=583641 TLS: tls_pre_encrypt: key_id=0
Wed Feb 21 17:34:35 2018 us=583838 SENT PING
Wed Feb 21 17:34:35 2018 us=583912 UDP WRITE [113] to [AF_INET]185.107.80.85:443: P_DATA_V1 kid=0 DATA len=112
Wed Feb 21 17:34:55 2018 us=870497 TLS: tls_pre_encrypt: key_id=0
Wed Feb 21 17:34:55 2018 us=870664 SENT PING
Wed Feb 21 17:34:55 2018 us=870742 UDP WRITE [113] to [AF_INET]185.107.80.85:443: P_DATA_V1 kid=0 DATA len=112
Wed Feb 21 17:34:55 2018 us=903137 UDP READ [113] from [AF_INET]185.107.80.85:443: P_DATA_V1 kid=0 DATA len=112
Wed Feb 21 17:34:55 2018 us=903242 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]185.107.80.85:443
Wed Feb 21 17:34:55 2018 us=903339 PID_TEST [0] [SSL-0] [] 0:0 0:2 t=1519259695[0] r=[0,64,15,0,1] sl=[0,0,64,528]
Wed Feb 21 17:34:55 2018 us=903368 RECEIVED PING PACKET
Wed Feb 21 17:35:15 2018 us=144976 NOTE: --mute triggered...
Wed Feb 21 17:35:15 2018 us=145166 2 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:35:15 2018 us=145228 UDP WRITE [113] to [AF_INET]185.107.80.85:443: P_DATA_V1 kid=0 DATA len=112
Wed Feb 21 17:35:35 2018 us=663258 TLS: tls_pre_encrypt: key_id=0
Wed Feb 21 17:35:35 2018 us=663424 SENT PING
Wed Feb 21 17:35:35 2018 us=663496 UDP WRITE [113] to [AF_INET]185.107.80.85:443: P_DATA_V1 kid=0 DATA len=112
Wed Feb 21 17:35:35 2018 us=676778 UDP READ [113] from [AF_INET]185.107.80.85:443: P_DATA_V1 kid=0 DATA len=112
Wed Feb 21 17:35:35 2018 us=676918 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]185.107.80.85:443
Wed Feb 21 17:35:35 2018 us=677002 PID_TEST [0] [SSL-0] [EE] 0:2 0:4 t=1519259735[0] r=[0,64,15,0,1] sl=[62,2,64,528]
Wed Feb 21 17:35:35 2018 us=677038 RECEIVED PING PACKET
Wed Feb 21 17:35:56 2018 us=69848 NOTE: --mute triggered...
Wed Feb 21 17:35:56 2018 us=70036 2 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:35:56 2018 us=70097 UDP WRITE [113] to [AF_INET]185.107.80.85:443: P_DATA_V1 kid=0 DATA len=112
Wed Feb 21 17:36:16 2018 us=818135 TLS: tls_pre_encrypt: key_id=0
Wed Feb 21 17:36:16 2018 us=818303 SENT PING
Wed Feb 21 17:36:16 2018 us=818424 UDP WRITE [113] to [AF_INET]185.107.80.85:443: P_DATA_V1 kid=0 DATA len=112
Wed Feb 21 17:36:35 2018 us=960159 [server] Inactivity timeout (--ping-restart), restarting
Wed Feb 21 17:36:35 2018 us=960346 PID packet_id_free
Wed Feb 21 17:36:35 2018 us=960741 PID packet_id_free
Wed Feb 21 17:36:35 2018 us=960814 PID packet_id_free
Wed Feb 21 17:36:35 2018 us=960855 NOTE: --mute triggered...
Wed Feb 21 17:36:35 2018 us=960939 5 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:36:35 2018 us=960978 TCP/UDP: Closing socket
Wed Feb 21 17:36:35 2018 us=961043 PID packet_id_free
Wed Feb 21 17:36:35 2018 us=961100 SIGUSR1[soft,ping-restart] received, process restarting
Wed Feb 21 17:36:35 2018 us=961172 Restart pause, 5 second(s)
Wed Feb 21 17:36:40 2018 us=961418 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Feb 21 17:36:40 2018 us=961544 Re-using SSL/TLS context
Wed Feb 21 17:36:40 2018 us=961601 LZO compression initializing
Wed Feb 21 17:36:40 2018 us=961720 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:36:40 2018 us=961822 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:36:40 2018 us=961871 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:36:40 2018 us=961954 NOTE: --mute triggered...
Wed Feb 21 17:36:40 2018 us=961999 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:36:40 2018 us=962034 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Feb 21 17:36:40 2018 us=962089 MTU DYNAMIC mtu=1400, flags=2, 1622 -> 1400
Wed Feb 21 17:36:40 2018 us=962136 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Wed Feb 21 17:36:40 2018 us=962202 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:36:40 2018 us=962239 calc_options_string_link_mtu: link-mtu 1622 -> 1602
Wed Feb 21 17:36:40 2018 us=962297 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:36:40 2018 us=962332 NOTE: --mute triggered...
Wed Feb 21 17:36:40 2018 us=962378 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:36:40 2018 us=962415 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Wed Feb 21 17:36:40 2018 us=962452 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Wed Feb 21 17:36:40 2018 us=962506 TCP/UDP: Preserving recently used remote address: [AF_INET]185.107.80.85:443
Wed Feb 21 17:36:40 2018 us=962595 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Feb 21 17:36:40 2018 us=962634 UDP link local: (not bound)
Wed Feb 21 17:36:40 2018 us=962675 UDP link remote: [AF_INET]185.107.80.85:443
Wed Feb 21 17:36:40 2018 us=962757 TLS Warning: no data channel send key available:  [key#0 state=S_INITIAL id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
Wed Feb 21 17:36:40 2018 us=962797 SENT PING
Wed Feb 21 17:36:40 2018 us=962887 UDP WRITE [14] to [AF_INET]185.107.80.85:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 21 17:36:42 2018 us=10261 UDP READ [26] from [AF_INET]185.107.80.85:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Wed Feb 21 17:36:42 2018 us=10382 TLS: Initial packet from [AF_INET]185.107.80.85:443, sid=fbe05bf0 12ea22ff
Wed Feb 21 17:36:42 2018 us=10519 UDP WRITE [22] to [AF_INET]185.107.80.85:443: P_ACK_V1 kid=0 [ 0 ]
Wed Feb 21 17:36:42 2018 us=11441 UDP WRITE [109] to [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=95
Wed Feb 21 17:36:44 2018 us=332306 UDP WRITE [109] to [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=95
Wed Feb 21 17:36:46 2018 us=119833 NOTE: --mute triggered...
Wed Feb 21 17:36:49 2018 us=238730 8 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:36:49 2018 us=238826 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
Wed Feb 21 17:36:49 2018 us=239615 VERIFY OK: nsCertType=SERVER
Wed Feb 21 17:36:49 2018 us=239656 VERIFY OK: depth=0, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=server, emailAddress=certadmin@cryptostorm.is
Wed Feb 21 17:36:49 2018 us=269625 UDP WRITE [368] to [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ 2 ] pid=2 DATA len=342
Wed Feb 21 17:36:51 2018 us=683523 UDP WRITE [356] to [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=342
Wed Feb 21 17:36:55 2018 us=442426 UDP WRITE [356] to [AF_INET]185.107.80.85:443: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=342
Wed Feb 21 17:36:55 2018 us=549018 NOTE: --mute triggered...
Wed Feb 21 17:36:58 2018 us=55169 2 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:36:58 2018 us=55281 TLS Error: TLS key negotiation failed to occur within 17 seconds (check your network connectivity)
Wed Feb 21 17:36:58 2018 us=55328 TLS Error: TLS handshake failed
Wed Feb 21 17:36:58 2018 us=55365 PID packet_id_free
Wed Feb 21 17:36:58 2018 us=55662 PID packet_id_free
Wed Feb 21 17:36:58 2018 us=55702 PID packet_id_free
Wed Feb 21 17:36:58 2018 us=55749 NOTE: --mute triggered...
Wed Feb 21 17:36:58 2018 us=55882 10 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:36:58 2018 us=55921 TCP/UDP: Closing socket
Wed Feb 21 17:36:58 2018 us=55985 PID packet_id_free
Wed Feb 21 17:36:58 2018 us=56041 SIGUSR1[soft,tls-error] received, process restarting
Wed Feb 21 17:36:58 2018 us=56114 Restart pause, 5 second(s)
Wed Feb 21 17:37:03 2018 us=56368 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Feb 21 17:37:03 2018 us=56492 Re-using SSL/TLS context
Wed Feb 21 17:37:03 2018 us=56552 LZO compression initializing
Wed Feb 21 17:37:03 2018 us=56627 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:37:03 2018 us=56730 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:37:03 2018 us=56812 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:37:03 2018 us=56886 NOTE: --mute triggered...
Wed Feb 21 17:37:03 2018 us=56930 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:37:03 2018 us=56964 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Feb 21 17:37:03 2018 us=57011 MTU DYNAMIC mtu=1400, flags=2, 1622 -> 1400
Wed Feb 21 17:37:03 2018 us=57054 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Wed Feb 21 17:37:03 2018 us=57121 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:37:03 2018 us=57158 calc_options_string_link_mtu: link-mtu 1622 -> 1602
Wed Feb 21 17:37:03 2018 us=57215 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:37:03 2018 us=57250 NOTE: --mute triggered...
Wed Feb 21 17:37:03 2018 us=57295 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:37:03 2018 us=57333 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Wed Feb 21 17:37:03 2018 us=57375 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Wed Feb 21 17:37:03 2018 us=57426 TCP/UDP: Preserving recently used remote address: [AF_INET]213.163.64.209:443
Wed Feb 21 17:37:03 2018 us=57510 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Feb 21 17:37:03 2018 us=57550 UDP link local: (not bound)
Wed Feb 21 17:37:03 2018 us=57589 UDP link remote: [AF_INET]213.163.64.209:443
Wed Feb 21 17:37:03 2018 us=57666 TLS Warning: no data channel send key available:  [key#0 state=S_INITIAL id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
Wed Feb 21 17:37:03 2018 us=57706 SENT PING
Wed Feb 21 17:37:03 2018 us=57793 UDP WRITE [14] to [AF_INET]213.163.64.209:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 21 17:37:03 2018 us=57982 TUN READ [42]
Wed Feb 21 17:37:03 2018 us=58025 Recursive routing detected, drop tun packet to [AF_INET]213.163.64.209:443
Wed Feb 21 17:37:05 2018 us=70542 UDP WRITE [14] to [AF_INET]213.163.64.209:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 21 17:37:05 2018 us=70764 TUN READ [42]
Wed Feb 21 17:37:05 2018 us=70810 Recursive routing detected, drop tun packet to [AF_INET]213.163.64.209:443
Wed Feb 21 17:37:09 2018 us=95596 UDP WRITE [14] to [AF_INET]213.163.64.209:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 21 17:37:09 2018 us=95820 TUN READ [42]
Wed Feb 21 17:37:09 2018 us=95867 Recursive routing detected, drop tun packet to [AF_INET]213.163.64.209:443
Wed Feb 21 17:37:17 2018 us=161499 UDP WRITE [14] to [AF_INET]213.163.64.209:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 21 17:37:17 2018 us=161714 TUN READ [42]
Wed Feb 21 17:37:17 2018 us=161761 Recursive routing detected, drop tun packet to [AF_INET]213.163.64.209:443
Wed Feb 21 17:37:20 2018 us=192477 TLS Error: TLS key negotiation failed to occur within 17 seconds (check your network connectivity)
Wed Feb 21 17:37:20 2018 us=192586 TLS Error: TLS handshake failed
Wed Feb 21 17:37:20 2018 us=192634 PID packet_id_free
Wed Feb 21 17:37:20 2018 us=192738 PID packet_id_free
Wed Feb 21 17:37:20 2018 us=192777 PID packet_id_free
Wed Feb 21 17:37:20 2018 us=192864 NOTE: --mute triggered...
Wed Feb 21 17:37:20 2018 us=192998 10 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:37:20 2018 us=193037 TCP/UDP: Closing socket
Wed Feb 21 17:37:20 2018 us=193107 PID packet_id_free
Wed Feb 21 17:37:20 2018 us=193154 SIGUSR1[soft,tls-error] received, process restarting
Wed Feb 21 17:37:20 2018 us=193225 Restart pause, 5 second(s)
Wed Feb 21 17:37:25 2018 us=193491 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Feb 21 17:37:25 2018 us=193613 Re-using SSL/TLS context
Wed Feb 21 17:37:25 2018 us=193665 LZO compression initializing
Wed Feb 21 17:37:25 2018 us=193751 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:37:25 2018 us=193853 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:37:25 2018 us=193907 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:37:25 2018 us=193976 NOTE: --mute triggered...
Wed Feb 21 17:37:25 2018 us=194020 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:37:25 2018 us=194056 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Feb 21 17:37:25 2018 us=194104 MTU DYNAMIC mtu=1400, flags=2, 1622 -> 1400
Wed Feb 21 17:37:25 2018 us=194237 GETADDRINFO flags=0x0901 ai_family=0 ai_socktype=2
Wed Feb 21 17:38:45 2018 us=278630 RESOLVE: Cannot resolve host address: linux-netherlands.cryptostorm.nu:443 (Temporary failure in name resolution)
Wed Feb 21 17:38:45 2018 us=278747 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Wed Feb 21 17:38:45 2018 us=278834 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:38:45 2018 us=278874 calc_options_string_link_mtu: link-mtu 1622 -> 1602
Wed Feb 21 17:38:45 2018 us=278936 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:38:45 2018 us=278974 NOTE: --mute triggered...
Wed Feb 21 17:38:45 2018 us=279020 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:38:45 2018 us=279058 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Wed Feb 21 17:38:45 2018 us=279096 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Wed Feb 21 17:38:45 2018 us=279206 GETADDRINFO flags=0x0903 ai_family=0 ai_socktype=2
Wed Feb 21 17:40:05 2018 us=358965 RESOLVE: Cannot resolve host address: linux-netherlands.cryptostorm.nu:443 (Temporary failure in name resolution)
Wed Feb 21 17:40:10 2018 us=359395 GETADDRINFO flags=0x0903 ai_family=0 ai_socktype=2
Wed Feb 21 17:41:30 2018 us=436137 RESOLVE: Cannot resolve host address: linux-netherlands.cryptostorm.nu:443 (Temporary failure in name resolution)
Wed Feb 21 17:41:35 2018 us=436550 GETADDRINFO flags=0x0903 ai_family=0 ai_socktype=2
Wed Feb 21 17:42:55 2018 us=506826 RESOLVE: Cannot resolve host address: linux-netherlands.cryptostorm.nu:443 (Temporary failure in name resolution)
Wed Feb 21 17:43:00 2018 us=507244 GETADDRINFO flags=0x0903 ai_family=0 ai_socktype=2
Wed Feb 21 17:44:20 2018 us=575635 RESOLVE: Cannot resolve host address: linux-netherlands.cryptostorm.nu:443 (Temporary failure in name resolution)
Wed Feb 21 17:44:20 2018 us=575743 Could not determine IPv4/IPv6 protocol
Wed Feb 21 17:44:20 2018 us=575794 PID packet_id_free
Wed Feb 21 17:44:20 2018 us=575882 PID packet_id_free
Wed Feb 21 17:44:20 2018 us=575920 PID packet_id_free
Wed Feb 21 17:44:20 2018 us=575954 NOTE: --mute triggered...
Wed Feb 21 17:44:20 2018 us=576037 6 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:44:20 2018 us=576076 SIGUSR1[soft,init_instance] received, process restarting
Wed Feb 21 17:44:20 2018 us=576143 Restart pause, 5 second(s)
Wed Feb 21 17:44:25 2018 us=576313 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Feb 21 17:44:25 2018 us=576431 Re-using SSL/TLS context
Wed Feb 21 17:44:25 2018 us=576495 LZO compression initializing
Wed Feb 21 17:44:25 2018 us=576558 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:44:25 2018 us=576642 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:44:25 2018 us=576698 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:44:25 2018 us=576769 NOTE: --mute triggered...
Wed Feb 21 17:44:25 2018 us=576821 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:44:25 2018 us=576851 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Feb 21 17:44:25 2018 us=576890 MTU DYNAMIC mtu=1400, flags=2, 1622 -> 1400
Wed Feb 21 17:44:25 2018 us=576986 GETADDRINFO flags=0x0901 ai_family=0 ai_socktype=2
Wed Feb 21 17:45:45 2018 us=644058 RESOLVE: Cannot resolve host address: linux-netherlands.cstorm.pw:443 (Temporary failure in name resolution)
Wed Feb 21 17:45:45 2018 us=644175 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Wed Feb 21 17:45:45 2018 us=644257 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:45:45 2018 us=644299 calc_options_string_link_mtu: link-mtu 1622 -> 1602
Wed Feb 21 17:45:45 2018 us=644369 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:45:45 2018 us=644408 NOTE: --mute triggered...
Wed Feb 21 17:45:45 2018 us=644456 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:45:45 2018 us=644498 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Wed Feb 21 17:45:45 2018 us=644538 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Wed Feb 21 17:45:45 2018 us=644649 GETADDRINFO flags=0x0903 ai_family=0 ai_socktype=2
Wed Feb 21 17:47:05 2018 us=709290 RESOLVE: Cannot resolve host address: linux-netherlands.cstorm.pw:443 (Temporary failure in name resolution)
Wed Feb 21 17:47:10 2018 us=709727 GETADDRINFO flags=0x0903 ai_family=0 ai_socktype=2
Wed Feb 21 17:48:30 2018 us=777377 RESOLVE: Cannot resolve host address: linux-netherlands.cstorm.pw:443 (Temporary failure in name resolution)
Wed Feb 21 17:48:35 2018 us=777796 GETADDRINFO flags=0x0903 ai_family=0 ai_socktype=2
Wed Feb 21 17:49:55 2018 us=847929 RESOLVE: Cannot resolve host address: linux-netherlands.cstorm.pw:443 (Temporary failure in name resolution)
Wed Feb 21 17:50:00 2018 us=848358 GETADDRINFO flags=0x0903 ai_family=0 ai_socktype=2
Wed Feb 21 17:51:20 2018 us=916209 RESOLVE: Cannot resolve host address: linux-netherlands.cstorm.pw:443 (Temporary failure in name resolution)
Wed Feb 21 17:51:20 2018 us=916318 Could not determine IPv4/IPv6 protocol
Wed Feb 21 17:51:20 2018 us=916380 PID packet_id_free
Wed Feb 21 17:51:20 2018 us=916470 PID packet_id_free
Wed Feb 21 17:51:20 2018 us=916510 PID packet_id_free
Wed Feb 21 17:51:20 2018 us=916539 NOTE: --mute triggered...
Wed Feb 21 17:51:20 2018 us=916624 6 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:51:20 2018 us=916663 SIGUSR1[soft,init_instance] received, process restarting
Wed Feb 21 17:51:20 2018 us=916732 Restart pause, 5 second(s)
Wed Feb 21 17:51:25 2018 us=916978 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Feb 21 17:51:25 2018 us=917100 Re-using SSL/TLS context
Wed Feb 21 17:51:25 2018 us=917156 LZO compression initializing
Wed Feb 21 17:51:25 2018 us=917236 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:51:25 2018 us=917336 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:51:25 2018 us=917384 PID packet_id_init seq_backtrack=64 time_backtrack=15
Wed Feb 21 17:51:25 2018 us=917455 NOTE: --mute triggered...
Wed Feb 21 17:51:25 2018 us=917500 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:51:25 2018 us=917534 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Feb 21 17:51:25 2018 us=917587 MTU DYNAMIC mtu=1400, flags=2, 1622 -> 1400
Wed Feb 21 17:51:25 2018 us=917710 GETADDRINFO flags=0x0901 ai_family=0 ai_socktype=2
Wed Feb 21 17:52:45 2018 us=985807 RESOLVE: Cannot resolve host address: linux-netherlands.cryptostorm.org:443 (Temporary failure in name resolution)
Wed Feb 21 17:52:45 2018 us=985925 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Wed Feb 21 17:52:45 2018 us=986010 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:52:45 2018 us=986052 calc_options_string_link_mtu: link-mtu 1622 -> 1602
Wed Feb 21 17:52:45 2018 us=986104 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Wed Feb 21 17:52:45 2018 us=986140 NOTE: --mute triggered...
Wed Feb 21 17:52:45 2018 us=986187 1 variation(s) on previous 3 message(s) suppressed by --mute
Wed Feb 21 17:52:45 2018 us=986224 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Wed Feb 21 17:52:45 2018 us=986261 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Wed Feb 21 17:52:45 2018 us=986373 GETADDRINFO flags=0x0903 ai_family=0 ai_socktype=2
Wed Feb 21 17:54:06 2018 us=55004 RESOLVE: Cannot resolve host address: linux-netherlands.cryptostorm.org:443 (Temporary failure in name resolution)
Wed Feb 21 17:54:11 2018 us=55339 GETADDRINFO flags=0x0903 ai_family=0 ai_socktype=2


I also just realized I left my token in the email when posting a previous reply, which was really dumb of me, but thanks parityboy for removing it.

I don't know if this issue is client-side or server-side, but I am using a laptop on a wireless network with Debian Stretch Stable (backported openvpn. I also tested the stable openvpn, and it has the same issues).

My networking on Debian also has absolutely no problems; I used my wifi to play some games and do stuff on the web and it never drops. It just seems to be OpenVPN.

Also, @df, is your server based in Iceland?

Thanks.

User avatar

parityboy
Site Admin
Posts: 1203
Joined: Wed Feb 05, 2014 3:47 am

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby parityboy » Thu Feb 22, 2018 6:24 pm

@OP

Code: Select all

Wed Feb 21 17:36:16 2018 us=818303 SENT PING
Wed Feb 21 17:36:16 2018 us=818424 UDP WRITE [113] to [AF_INET]185.107.80.85:443: P_DATA_V1 kid=0 DATA len=112
Wed Feb 21 17:36:35 2018 us=960159 [server] Inactivity timeout (--ping-restart), restarting


It sends the ping but doesn't receive a response. After this the TLS handshake fails (as expected). Did the server actually receive the ping? I doubt it.

It smells like your wireless connection is going down when it's been idle for a little while. This would explain why your VPN connection stays up when there's continuous traffic going through it like a download or a network-based game.

Are there any settings for your WiFi in Network Manager that control its behaviour when idle?


Topic Author
NeedHelp6969

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby NeedHelp6969 » Sun Feb 25, 2018 3:06 am

parityboy wrote:@OP

Code: Select all

Wed Feb 21 17:36:16 2018 us=818303 SENT PING
Wed Feb 21 17:36:16 2018 us=818424 UDP WRITE [113] to [AF_INET]185.107.80.85:443: P_DATA_V1 kid=0 DATA len=112
Wed Feb 21 17:36:35 2018 us=960159 [server] Inactivity timeout (--ping-restart), restarting


It sends the ping but doesn't receive a response. After this the TLS handshake fails (as expected). Did the server actually receive the ping? I doubt it.

It smells like your wireless connection is going down when it's been idle for a little while. This would explain why your VPN connection stays up when there's continuous traffic going through it like a download or a network-based game.

Are there any settings for your WiFi in Network Manager that control its behaviour when idle?


As soon as you asked me that, I thought of the solution (something I remembered from a long time ago), and now my problem is solved.

I created a configuration file in /etc/modprobe.d for my wireless chipset, and apparently there was a weird option where it would make my chip go to sleep when inactive (which was also why my internet was slow and weird at times, which I never mentioned). I disabled this option using:

options <wireless chipset name here> fwlps=0 ant_sel=2

The “fwlps” is apparently set to 1 by default, and my wifi chip was going to sleep all the time, which caused the OpenVPN timeout.

I also tested VPNBook and another free VPN with the “fwlps” option set to 1, and they also both gave me timeouts.

But once I set this option to “0,” I got no more timeouts.

ant_sel=2 also appears to speed up my wireless connection by using another antenna, and also makes the VPN faster as well.

Thanks so much for your help. The solution was this easy, and was right in front of me.

@df One last question, though... is CryptoStorm’s main server(s) in Iceland?



Topic Author
NeedHelp6969

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby NeedHelp6969 » Sun Feb 25, 2018 9:09 am

parityboy wrote:@OP

No problem, happy to help. :)


Also, what is the cryptostorm-balancer openvpm config?

User avatar

parityboy
Site Admin
Posts: 1203
Joined: Wed Feb 05, 2014 3:47 am

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

Postby parityboy » Sun Feb 25, 2018 9:17 pm

@OP

Code: Select all

Non-authoritative answer:
Name:   linux-balancer.cryptostorm.net
Address: 5.101.137.252
Name:   linux-balancer.cryptostorm.net
Address: 167.114.84.133
Name:   linux-balancer.cryptostorm.net
Address: 173.234.159.236
Name:   linux-balancer.cryptostorm.net
Address: 185.212.169.140
Name:   linux-balancer.cryptostorm.net
Address: 176.123.3.250
Name:   linux-balancer.cryptostorm.net
Address: 212.83.177.138
Name:   linux-balancer.cryptostorm.net
Address: 108.62.19.132
Name:   linux-balancer.cryptostorm.net
Address: 5.133.8.192
Name:   linux-balancer.cryptostorm.net
Address: 185.117.118.21
Name:   linux-balancer.cryptostorm.net
Address: 104.238.195.140
Name:   linux-balancer.cryptostorm.net
Address: 93.115.30.155
Name:   linux-balancer.cryptostorm.net
Address: 89.163.214.183
Name:   linux-balancer.cryptostorm.net
Address: 212.129.27.79
Name:   linux-balancer.cryptostorm.net
Address: 70.32.38.68
Name:   linux-balancer.cryptostorm.net
Address: 84.16.240.48
Name:   linux-balancer.cryptostorm.net
Address: 198.7.58.245
Name:   linux-balancer.cryptostorm.net
Address: 109.71.42.163
Name:   linux-balancer.cryptostorm.net
Address: 185.107.80.85
Name:   linux-balancer.cryptostorm.net
Address: 185.94.193.235
Name:   linux-balancer.cryptostorm.net
Address: 173.234.56.116
Name:   linux-balancer.cryptostorm.net
Address: 173.208.95.76
Name:   linux-balancer.cryptostorm.net
Address: 185.140.114.52
Name:   linux-balancer.cryptostorm.net
Address: 64.120.5.252
Name:   linux-balancer.cryptostorm.net
Address: 162.221.207.229
Name:   linux-balancer.cryptostorm.net
Address: 185.60.147.79
Name:   linux-balancer.cryptostorm.net
Address: 80.233.134.53
Name:   linux-balancer.cryptostorm.net
Address: 213.163.64.209


linux-balancer.cryptostorm.net and windows-balancer.cryptostorm.net are DNS entries with all of the IPs for all of the exit nodes (Linux and Windows respectively). It enables an OpenVPN client to select an exit node at random. This is useful for people to don't care which exit node they use, it means you only have to set up a single configuration, and it helps balance out the number of people connected to each node.


Return to “member support & tech assistance”

Who is online

Users browsing this forum: No registered users and 3 guests

cron

Login